
openssl 生成CA並且使用CA簽發證書

./cert-tool.sh ca 365

./cert-tool.sh server 365

#!/bin/bash

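# All generated material lives in ./cert-tool (created on demand). Abort
# if we cannot enter it, otherwise keys would be written into the
# caller's current directory instead.
mkdir -p cert-tool || exit 1
cd cert-tool || exit 1

# Certificate lifetime in days: optional second argument, default 10000.
# The value is passed straight to `openssl x509 -days`, so accept only a
# plain positive integer.
if [[ -n "$2" ]]; then
  if [[ ! "$2" =~ ^[1-9][0-9]*$ ]]; then
    printf 'days must be a positive integer, got: %s\n' "$2" >&2
    exit 2
  fi
  day=$2
else
  day=10000
fi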

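#######################################
# Delete previously generated files (keys, CSRs, certs, serial file,
# openssl.cnf) from the cert-tool working directory.
# Arguments: $1 - directory to clear (default: current directory, which
#                 is cert-tool once the script has cd'ed into it)
# Returns:   0 on success; 1 if the directory cannot be entered or is not
#            named cert-tool (refuses rather than emptying an unrelated
#            directory)
#######################################
clear_old(){
  local dir
  dir=$(cd -- "${1:-.}" 2>/dev/null && pwd -P) || return 1
  # The script cd's into cert-tool before calling this, so the former
  # `rm -f cert-tool/*` pointed at cert-tool/cert-tool and never matched.
  # Clear the directory we are actually in, guarded by name so a stray
  # call elsewhere cannot wipe an arbitrary cwd.
  if [[ "${dir##*/}" != cert-tool ]]; then
    printf 'clear_old: refusing to clear %s (not a cert-tool directory)\n' "$dir" >&2
    return 1
  fi
  rm -f -- "${dir:?}"/*
}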


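# Offer to wipe previously generated material before creating new files.
# Only an explicit y/Y answers yes; Enter or anything else keeps what is
# there, so the prompt shows N as the default. -r keeps backslashes in the
# answer literal.
read -r -p "remove all existing files in cert-tool/? [y/N] " input
case "$input" in
  [Yy])
    clear_old
    ;;
esac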

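#######################################
# Create a self-signed CA: RSA key, CSR, and certificate.
# Globals:   day (read) - lifetime in days passed to -days
# Outputs:   ca.key, ca.csr, ca.crt in the current directory; the decoded
#            certificate is printed to stdout
# Returns:   status of the first failing openssl step, 0 on success
#######################################
ca(){
  # ca.key is the trust root for every server certificate issued below;
  # stop here if it could not be created rather than signing with nothing.
  openssl genrsa -out ca.key 2048 || return
  # openssl req prompts for the DN fields; the *_default entries in
  # openssl.cnf are offered as defaults.
  openssl req -new -sha256 -out ca.csr -key ca.key -config openssl.cnf || return
  # NOTE(review): no -extfile is given here, so the CA certificate carries
  # no basicConstraints/keyUsage extensions; clients doing strict chain
  # checks may not accept it as an issuer — confirm against your consumers.
  openssl x509 -req -in ca.csr -out ca.crt -signkey ca.key -days "$day" || return
  openssl x509 -in ca.crt -noout -text
}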

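#######################################
# Create a server key and a certificate signed by the CA from ca().
# Globals:   day (read) - lifetime in days passed to -days
# Outputs:   server.key, server.csr, server.crt (and ca.srl via
#            -CAcreateserial) in the current directory; the decoded
#            certificate is printed to stdout
# Returns:   status of the first failing openssl step, 0 on success
#######################################
server(){
  openssl genrsa -out server.key 2048 || return
  # openssl req prompts for the DN fields; defaults come from openssl.cnf.
  openssl req -new -sha256 -out server.csr -key server.key -config openssl.cnf || return
  # -extensions v3_req copies the subjectAltName entries from openssl.cnf
  # into the issued certificate; without it the SANs would be dropped.
  openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out server.crt -days "$day" -extensions v3_req -extfile openssl.cnf || return
  openssl x509 -in server.crt -noout -text
}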

# Minimal OpenSSL request config shared by ca() and server(): DN prompts
# with defaults, plus a v3_req section whose subjectAltName entries are
# copied into the server certificate via `-extensions v3_req`.
# Quoted delimiter: the file is written verbatim, no shell expansion.
cat <<'EOF' > openssl.cnf
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = CN
organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Root Group
commonName                      = Common Name (eg, your name or your server\'s hostname)
commonName_max                  = 64
commonName_default              = Private Root CA

[ v3_req ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.deployconfig-operator-system.svc
DNS.2 = *.deployconfig-operator-system.svc.cluster.local
EOF


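# Dispatch on the first argument. Anything else is a usage error: report
# it on stderr and exit non-zero so callers (and `set -e` scripts) notice,
# instead of printing usage to stdout and returning success.
case "$1" in
  ca)
    ca
    ;;
  server)
    server
    ;;
  *)
    printf 'usage: %s ca|server [days]\n' "$0" >&2
    exit 2
    ;;
esac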